Centralized policy

"Centralized policy" is the concept of controlling distributed policy execution from a centralized location. It enables the policy owner to easily control the rules that are evaluated in each run of Datree without creating operational overhead. The centralized policy is managed by logging into the dashboard.

Enable and disable rules in a policy

In the dashboard, each of the 30 built-in rules can be switched "ON" or "OFF" according to your needs. Once a rule is disabled or enabled, the change automatically propagates to all policy checks that are executed against that policy (via account token). This way, the policy owner doesn't need to manually update all the devices connected to this policy.


Edit rule fail suggestion text

The text shown in the CLI when a rule fails is editable. This helps the policy owner educate the policy consumers (e.g. developers, teammates, etc.) on why and how they should fix their misconfigurations.



[Images: the dashboard view and the CLI output, before and after the edit]

Policy management

Add policies with different rules configured, giving each of your use cases its own custom policy.

Add a new policy

Create a new policy and give it a descriptive name.


By default, each new policy is created without any rules enabled, giving you the freedom to configure it according to your needs.


Running checks against the new policy

To run the Datree CLI against the new policy (instead of the default one), add the `-p [policy-name]` flag to your policy check command (e.g. `datree test ~/.datree/k8s-demo.yaml -p A_team`).
